Enterprises have become increasingly dependent on computer network infrastructures to provide services and accomplish mission-critical tasks. Indeed, the performance, security, and efficiency of these network infrastructures have become critical as enterprises increase their reliance on distributed computing environments and wide area computer networks. To that end, a variety of network devices have been created to provide data gathering, reporting, and/or operational functions, such as firewalls, gateways, packet capture devices, bandwidth management devices, application traffic monitoring devices, and the like. For example, the TCP/IP protocol suite, which is widely implemented throughout the world-wide data communications network environment called the Internet and many wide and local area networks, omits any explicit supervisory function over the rate of data transport over the various devices that comprise the network. While there are certain perceived advantages, this characteristic has the consequence of juxtaposing very high-speed packets and very low-speed packets in potential conflict and produces certain inefficiencies. Certain loading conditions degrade performance of networked applications and can even cause instabilities which could lead to overloads that could stop data transfer temporarily.
To facilitate monitoring, management and control of network environments, a variety of network devices, applications, technologies and services have been developed. For example, certain data flow rate control mechanisms have been developed to provide a means to control and optimize efficiency of data transfer as well as allocate available bandwidth among a variety of business enterprise functionalities. For example, U.S. Pat. No. 6,038,216 discloses a method for explicit data rate control in a packet-based network environment without data rate supervision. Data rate control directly moderates the rate of data transmission from a sending host, resulting in just-in-time data transmission to control inbound traffic and buffering of packets, and reduce the inefficiencies associated with dropped packets. Bandwidth management devices also allow for explicit data rate control for flows associated with a particular traffic classification. For example, U.S. Pat. No. 6,412,000, above, discloses automatic classification of network traffic for use in connection with bandwidth allocation mechanisms. U.S. Pat. No. 6,046,980 discloses systems and methods allowing for application layer control of bandwidth utilization in packet-based computer networks. For example, bandwidth management devices allow network administrators to specify policies operative to control and/or prioritize the bandwidth allocated to individual data flows according to traffic classifications. In addition, certain bandwidth management devices, as well as certain routers, allow network administrators to specify aggregate bandwidth utilization controls to divide available bandwidth into partitions. With some network devices, these partitions can be configured to provide a minimum bandwidth guarantee, and/or cap bandwidth, as to a particular class of traffic. 
An administrator specifies a traffic class (such as FTP data, or data flows involving a specific user or network application) and the size of the reserved virtual link—i.e., minimum guaranteed bandwidth and/or maximum bandwidth. Such partitions can be applied on a per-application basis (protecting and/or capping bandwidth for all traffic associated with an application) or a per-user basis (controlling, prioritizing, protecting and/or capping bandwidth for a particular user). In addition, certain bandwidth management devices allow administrators to define a partition hierarchy by configuring one or more partitions dividing a network path and further dividing the parent partitions into one or more child partitions. U.S. patent application Ser. No. 10/108,085 discloses data structures and methods for implementing a partition hierarchy.
Certain application traffic management devices, such as the PacketShaper® application traffic management device, offered by Packeteer®, Inc. of Cupertino, Calif., support the concurrent use of aggregate bandwidth policies (e.g., partitions), and per-flow bandwidth policies, such as rate policies enforced by the TCP Rate control technologies disclosed in U.S. Pat. No. 6,038,216. A partition is essentially a bandwidth allocation and queuing mechanism. That is, after a packet processor classifies each packet and pushes each packet onto a partition queue associated with the appropriate partition, another process typically loops through the partition queues to pop packets off the queues and populate an output queue. Aggregate bandwidth allocation among the different partitions essentially establishes a preference by which a flow control mechanism arbitrates among the corresponding partition queues. For example, a flow control module, while arbitrating among the partition queues, may read more packets from partitions having a higher allocation of bandwidth relative to partitions that have lower allocations. For example, as disclosed in U.S. application Ser. No. 10/108,085, incorporated by reference above, the bandwidth allocated to a given partition affects the rate at which the partition is selected by an output scheduling process and therefore the length of time packets are buffered in the corresponding partition queue. In addition, TCP Rate Control technologies can be used to affect per-flow rate policies to control or influence the rate at which packets are received at a network device and, therefore, use of inbound network bandwidth and the amount of data that is queued at any given time.
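The partition-queue arbitration described above can be made concrete with a small scheduler. The following Python is an added example, not code from the patent or from Packeteer; the patent does not specify the arbitration algorithm, so a deficit-round-robin style scheduler is assumed here, and the partition names, allocations and packet sizes are constructed.

```python
from collections import deque


class Partition:
    """A partition queue with an aggregate bandwidth allocation (constructed example)."""

    def __init__(self, name, allocation_bps):
        self.name = name
        self.allocation_bps = allocation_bps
        self.queue = deque()          # packet lengths in bytes, FIFO
        self.credit = 0               # bytes this partition may currently send


    def push(self, packet_len):
        self.queue.append(packet_len)


def schedule(partitions, round_seconds, rounds):
    """
    Deficit round-robin across partition queues (assumed algorithm).

    Each round every partition earns allocation_bps * round_seconds / 8 bytes
    of credit. A packet is popped only when the partition's credit covers its
    length, so a partition with four times the allocation is selected about
    four times as often and its packets wait less time in the queue.
    Returns the output queue as (partition_name, packet_len) tuples in
    transmission order.
    """
    output = []
    for _ in range(rounds):
        for p in partitions:
            p.credit += p.allocation_bps * round_seconds / 8
            while p.queue and p.credit >= p.queue[0]:
                pkt = p.queue.popleft()
                p.credit -= pkt
                output.append((p.name, pkt))
            if not p.queue:
                p.credit = 0      # an idle partition does not bank credit for a later burst
    return output


def drain_counts(partitions, round_seconds, rounds):
    """Count how many packets each partition got onto the output queue."""
    counts = {p.name: 0 for p in partitions}
    for name, _ in schedule(partitions, round_seconds, rounds):
        counts[name] += 1
    return counts


def demo():
    # Constructed partitions: 800 kbps versus 200 kbps, each with 100 queued 1000-byte packets.
    high = Partition("high", allocation_bps=800_000)
    low = Partition("low", allocation_bps=200_000)
    for _ in range(100):
        high.push(1000)
        low.push(1000)
    # With 10 ms rounds "high" earns one packet per round, "low" one every four rounds.
    return drain_counts([high, low], round_seconds=0.01, rounds=10)


if __name__ == "__main__":
    print(demo())
```

Running the demo shows the 4:1 allocation ratio appearing directly as a 4:1 (here 10 versus 2) difference in packets dequeued over the same interval, which is the buffering-time effect the paragraph describes.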
The Transmission Control Protocol (TCP) provides connection-oriented services for the protocol suite's application layer—that is, the client and the server must establish a connection to exchange data. TCP transmits data in segments embodied in IP datagrams, along with checksums, used to detect data corruption, and sequence numbers to ensure an ordered byte stream. TCP is considered to be a reliable transport mechanism because it requires the receiving host to acknowledge not only the receipt of data but also its completeness and sequence. If the sending host does not receive notification from the receiving host within an expected time frame, the sending host times out and retransmits the segment.
TCP uses a sliding window flow-control mechanism to control the throughput over wide-area networks. As the receiving host acknowledges initial receipt of data, it advertises how much data it can handle, called its window size. The sending host can transmit multiple packets, up to the advertised window size, before it stops and waits for an acknowledgment; once the outstanding data packets are acknowledged, it transmits additional data packets.
TCP's congestion-avoidance mechanisms attempt to alleviate the problem of abundant packets filling up router queues. TCP's slow-start algorithm attempts to take full advantage of network capacity: TCP increases a connection's transmission rate using the slow-start algorithm until it senses a problem, and then it backs off, interpreting dropped packets and/or timeouts as signs of congestion. The goal of TCP is for individual connections to burst on demand to use all available bandwidth, while at the same time reacting conservatively to inferred problems in order to alleviate congestion. Specifically, while TCP flow control is typically handled by the receiving host, the slow-start algorithm uses a congestion window, which is a flow-control mechanism managed by the sending host. With TCP slow-start, when a connection opens, only one packet is sent until an ACK is received. For each received ACK, the sending host doubles the transmission size, within the bounds of the window size advertised by the receiving host. Note that this algorithm introduces an exponential growth rate. Once TCP infers congestion, it decreases the connection's transmission rate.
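As an added illustration of the sliding window and slow-start behaviour described in the two preceding paragraphs (not code from the patent), the following Python models a sender whose per-round-trip transmission is bounded by the smaller of its congestion window and the receiver's advertised window, and which doubles the congestion window each round trip until it infers a loss. The path capacity, the window sizes and the halve-on-loss back-off are constructed assumptions for the model.

```python
def simulate_slow_start(rwnd_segments, path_capacity_segments, max_rtts=20):
    """
    Model TCP slow start one round trip (RTT) at a time.

    cwnd (the sender-managed congestion window) starts at one segment. Each
    RTT the sender transmits min(cwnd, rwnd_segments) segments, where
    rwnd_segments is the window advertised by the receiver. If every segment
    is acknowledged, cwnd doubles for the next RTT (exponential growth). If a
    round exceeds path_capacity_segments (constructed: what the path carries
    per RTT), the sender infers a drop, halves cwnd and leaves slow start.

    Returns (history, final_cwnd, reason); history is a list of
    (rtt, segments_sent) tuples.
    """
    cwnd = 1
    history = []
    for rtt in range(1, max_rtts + 1):
        sent = min(cwnd, rwnd_segments)          # sliding-window bound on what is in flight
        history.append((rtt, sent))
        if sent > path_capacity_segments:
            # Dropped packets / timeout interpreted as congestion: back off.
            cwnd = max(1, sent // 2)
            return history, cwnd, "congestion"
        if sent == rwnd_segments:
            # The receiver's advertised window caps growth before the path does.
            return history, cwnd, "receiver-limited"
        cwnd = sent * 2                          # one doubling per round trip
    return history, cwnd, "max-rtts"


def peak_in_flight(history):
    """Largest number of segments the sender had outstanding in one RTT."""
    return max(sent for _, sent in history)


if __name__ == "__main__":
    # Receiver allows 64 segments but the constructed path carries only 20 per RTT.
    hist, cwnd, reason = simulate_slow_start(rwnd_segments=64, path_capacity_segments=20)
    print(hist, cwnd, reason)
```

With a 64-segment advertised window and a 20-segment path, the sender grows 1, 2, 4, 8, 16, 32 and then backs off to 16; with an 8-segment advertised window it stops growing at 8 without ever probing the path, which is the distinction between receiver-managed flow control and sender-managed congestion control that the paragraph draws.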
Application traffic management devices are often deployed at the edges of enterprise networks to control bandwidth utilization, for example, across an access link to a wide area network (WAN). When the traffic management device is situated at the single gateway between one network and other networks, it will logically be able to process all inbound and outbound traffic. As a result, the device can effectively classify flows and maintain rate control policies on specific partitions.
However, application traffic management devices are often deployed in other scenarios. For example, it is often desirable to deploy multiple devices at multiple gateways of a particular autonomous system such as autonomous system AS1 shown in the network environment 2 of FIG. 1. Autonomous system AS1 could perhaps be an Internet Service Provider (ISP) which may support multiple gateway connections to a plurality of autonomous systems. As mentioned, AS1 may include multiple network devices (e.g., application traffic management devices ND1, ND2 and ND3), each of which is situated in-line with a router (routers 4, 6 and 8, respectively). AS1 is also connected to a network 10, via router 12, and network 10 includes multiple workstations 12a-12d and a server 14.
Given the routing behavior of packet switched networks, acknowledgments and other network traffic pertaining to a particular data flow may not necessarily come through the same PacketShaper® that sent packets that resulted in the return ACK. For example, workstation 12c initiates a data flow that includes one or more packets and those packets are forwarded through ND1 to their ultimate destination, workstation 16 of network 18. The packets travel, for example, through AS1 and AS2 in order to get to workstation 16. In response, workstation 16 sends an ACK that is routed through AS4 and AS3. If the return ACK reaches AS1 through AS3, ND1 will not see it, which can adversely affect proper traffic flow classification and/or traffic management functions. For example, certain network traffic types cannot be classified based on a simple analysis of port numbers, and may require examination of traffic flow in both directions to be appropriately classified. The inability to properly classify such network traffic therefore prevents the identification of one or more desired policies that should be applied to the network traffic. This situation can also occur in the reverse direction. For example, workstation 16 may initiate a data flow that includes one or more packets destined for workstation 12c. Those packets may travel through ND2 and a return ACK from workstation 12c could perhaps travel through ND1 on its way to workstation 16. These types of data flows, where the return path (or at least the edge device on which return packets are encountered) is different from the forward path (or the edge device from which packets are originally forwarded), are sometimes referred to as asymmetric data flows.
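The asymmetric-flow situation described above can be detected once the per-device observations are brought together. The following Python is an added example, not code from the patent: it assumes each device (ND1, ND2, ND3, following the figure's labels) reports the 5-tuple-style endpoints of the packets it forwarded, keys both directions of a flow to one record, and flags flows whose forward and return packets were seen by different devices. The addresses, ports and observation list are constructed.

```python
from collections import defaultdict

# Constructed packet observations: (device, src_ip, src_port, dst_ip, dst_port).
OBSERVATIONS = [
    ("ND1", "10.0.0.3", 40001, "192.0.2.16", 80),   # forward packets leave via ND1
    ("ND1", "10.0.0.3", 40001, "192.0.2.16", 80),
    ("ND3", "192.0.2.16", 80, "10.0.0.3", 40001),   # the ACK comes back through ND3
    ("ND2", "10.0.0.4", 40002, "192.0.2.16", 80),   # a symmetric flow: both ways via ND2
    ("ND2", "192.0.2.16", 80, "10.0.0.4", 40002),
    ("ND1", "10.0.0.5", 40003, "192.0.2.16", 443),  # only one direction observed so far
]


def flow_key(src, sport, dst, dport):
    """Direction-independent flow key: the two endpoints in canonical order."""
    a, b = (src, sport), (dst, dport)
    return (a, b) if a <= b else (b, a)


def track(observations):
    """Record, per flow, which devices saw each direction of it."""
    seen = defaultdict(lambda: {"fwd": set(), "rev": set()})
    for device, src, sport, dst, dport in observations:
        key = flow_key(src, sport, dst, dport)
        direction = "fwd" if (src, sport) == key[0] else "rev"
        seen[key][direction].add(device)
    return seen


def classify(seen):
    """Label each flow symmetric, asymmetric, or one-way-only."""
    result = {}
    for key, dirs in seen.items():
        if not dirs["fwd"] or not dirs["rev"]:
            # Only one direction seen anywhere: bidirectional classification
            # is not yet possible, so no policy can be chosen with confidence.
            result[key] = "one-way-only"
        elif dirs["fwd"] == dirs["rev"]:
            result[key] = "symmetric"
        else:
            result[key] = "asymmetric"
    return result


def missing_direction_report(seen):
    """
    For every asymmetric flow, list (device, flow, peer_devices): a device that
    saw only one direction and the devices holding the other half. This is the
    information a sharing mechanism between the devices would need to exchange.
    """
    report = []
    for key, dirs in seen.items():
        if not dirs["fwd"] or not dirs["rev"]:
            continue
        for device in dirs["fwd"] - dirs["rev"]:
            report.append((device, key, sorted(dirs["rev"])))
        for device in dirs["rev"] - dirs["fwd"]:
            report.append((device, key, sorted(dirs["fwd"])))
    return sorted(report)


if __name__ == "__main__":
    tracked = track(OBSERVATIONS)
    for key, label in classify(tracked).items():
        print(key, label)
    print(missing_direction_report(tracked))
```

On the constructed input the 12c-to-16 flow is reported as asymmetric, with ND1 holding the forward half and ND3 the return half; the report is exactly the pairing of devices that would need to exchange flow state for either of them to classify the flow in both directions.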
In view of the foregoing, it may be beneficial to provide methods, apparatuses and systems to detect asymmetric data flows and share information on those asymmetric data flows between the various application traffic management or other network devices.
The foregoing examples of the related art and limitations related therewith are intended to be illustrative and not exclusive. Other limitations of the related art will become apparent to those of skill in the art upon a reading of the specification and a study of the drawings.